{
  "threat_severity" : "Moderate",
  "public_date" : "2025-12-24T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: Linux kernel igb driver: Denial of Service due to improper SR-IOV cleanup",
    "id" : "2425050",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2425050"
  },
  "cvss3" : {
    "cvss3_base_score" : "4.7",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-703",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nigb: clean up in all error paths when enabling SR-IOV\nAfter commit 50f303496d92 (\"igb: Enable SR-IOV after reinit\"), removing\nthe igb module could hang or crash (depending on the machine) when the\nmodule has been loaded with the max_vfs parameter set to some value != 0.\nIn case of one test machine with a dual port 82580, this hang occurred:\n[  232.480687] igb 0000:41:00.1: removed PHC on enp65s0f1\n[  233.093257] igb 0000:41:00.1: IOV Disabled\n[  233.329969] pcieport 0000:40:01.0: AER: Multiple Uncorrected (Non-Fatal) err0\n[  233.340302] igb 0000:41:00.0: PCIe Bus Error: severity=Uncorrected (Non-Fata)\n[  233.352248] igb 0000:41:00.0:   device [8086:1516] error status/mask=00100000\n[  233.361088] igb 0000:41:00.0:    [20] UnsupReq               (First)\n[  233.368183] igb 0000:41:00.0: AER:   TLP Header: 40000001 0000040f cdbfc00c c\n[  233.376846] igb 0000:41:00.1: PCIe Bus Error: severity=Uncorrected (Non-Fata)\n[  233.388779] igb 0000:41:00.1:   device [8086:1516] error status/mask=00100000\n[  233.397629] igb 0000:41:00.1:    [20] UnsupReq               (First)\n[  233.404736] igb 0000:41:00.1: AER:   TLP Header: 40000001 0000040f cdbfc00c c\n[  233.538214] pci 0000:41:00.1: AER: can't recover (no error_detected callback)\n[  233.538401] igb 0000:41:00.0: removed PHC on enp65s0f0\n[  233.546197] pcieport 0000:40:01.0: AER: device recovery failed\n[  234.157244] igb 0000:41:00.0: IOV Disabled\n[  371.619705] INFO: task irq/35-aerdrv:257 blocked for more than 122 seconds.\n[  371.627489]       Not tainted 6.4.0-dirty #2\n[  371.632257] \"echo 0 > /proc/sys/kernel/hung_task_timeout_secs\" disables this.\n[  371.641000] task:irq/35-aerdrv   state:D stack:0     pid:257   ppid:2      f0\n[  371.650330] Call Trace:\n[  371.653061]  <TASK>\n[  371.655407]  __schedule+0x20e/0x660\n[  371.659313]  schedule+0x5a/0xd0\n[  371.662824]  schedule_preempt_disabled+0x11/0x20\n[  371.667983]  __mutex_lock.constprop.0+0x372/0x6c0\n[  371.673237]  ? __pfx_aer_root_reset+0x10/0x10\n[  371.678105]  report_error_detected+0x25/0x1c0\n[  371.682974]  ? __pfx_report_normal_detected+0x10/0x10\n[  371.688618]  pci_walk_bus+0x72/0x90\n[  371.692519]  pcie_do_recovery+0xb2/0x330\n[  371.696899]  aer_process_err_devices+0x117/0x170\n[  371.702055]  aer_isr+0x1c0/0x1e0\n[  371.705661]  ? __set_cpus_allowed_ptr+0x54/0xa0\n[  371.710723]  ? __pfx_irq_thread_fn+0x10/0x10\n[  371.715496]  irq_thread_fn+0x20/0x60\n[  371.719491]  irq_thread+0xe6/0x1b0\n[  371.723291]  ? __pfx_irq_thread_dtor+0x10/0x10\n[  371.728255]  ? __pfx_irq_thread+0x10/0x10\n[  371.732731]  kthread+0xe2/0x110\n[  371.736243]  ? __pfx_kthread+0x10/0x10\n[  371.740430]  ret_from_fork+0x2c/0x50\n[  371.744428]  </TASK>\nThe reproducer was a simple script:\n#!/bin/sh\nfor i in `seq 1 5`; do\nmodprobe -rv igb\nmodprobe -v igb max_vfs=1\nsleep 1\nmodprobe -rv igb\ndone\nIt turned out that this could only be reproduce on 82580 (quad and\ndual-port), but not on 82576, i350 and i210.  Further debugging showed\nthat igb_enable_sriov()'s call to pci_enable_sriov() is failing, because\ndev->is_physfn is 0 on 82580.\nPrior to commit 50f303496d92 (\"igb: Enable SR-IOV after reinit\"),\nigb_enable_sriov() jumped into the \"err_out\" cleanup branch.  After this\ncommit it only returned the error code.\nSo the cleanup didn't take place, and the incorrect VF setup in the\nigb_adapter structure fooled the igb driver into assuming that VFs have\nbeen set up where no VF actually existed.\nFix this problem by cleaning up again if pci_enable_sriov() fails.", "A flaw was found in the Linux kernel's `igb` driver. When the `igb` module is loaded with Single Root I/O Virtualization (SR-IOV) enabled on certain network adapters, and the SR-IOV initialization subsequently fails, the driver does not properly clean up allocated resources. A local user can exploit this improper cleanup by attempting to remove the `igb` module, which may cause the system to hang or crash, leading to a Denial of Service (DoS)." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2024-05-22T00:00:00Z",
    "advisory" : "RHSA-2024:3138",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "kernel-0:4.18.0-553.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-04-30T00:00:00Z",
    "advisory" : "RHSA-2024:2394",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-427.13.1.el9_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-04-30T00:00:00Z",
    "advisory" : "RHSA-2024:2394",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-427.13.1.el9_4"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-54070\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-54070\nhttps://lore.kernel.org/linux-cve-announce/2025122431-CVE-2023-54070-6104@gregkh/T" ],
  "name" : "CVE-2023-54070",
  "mitigation" : {
    "value" : "To mitigate this issue, prevent the `igb` kernel module from loading with SR-IOV enabled. If the `igb` driver is not in use, blacklist the module by creating a file `/etc/modprobe.d/blacklist-igb.conf` with the content `blacklist igb`. Regenerate the initramfs and reboot the system for the changes to take effect. If the `igb` driver is required but SR-IOV functionality is not, ensure the `max_vfs` parameter is set to `0` by creating `/etc/modprobe.d/igb.conf` with `options igb max_vfs=0`. A system reboot is required for these changes to apply.",
    "lang" : "en:us"
  },
  "csaw" : false
}